IETF Logo Mail Archive

Re: [regext] WGLC: https://datatracker.ietf.org/doc/draft-ietf-regext-allocation-token

"Gould, James" <jgould@verisign.com> Fri, 19 January 2018 16:45 UTC

Return-Path: <jgould@verisign.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 766BD12DA48 for <regext@ietfa.amsl.com>; Fri, 19 Jan 2018 08:45:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.31
X-Spam-Level:
X-Spam-Status: No, score=-4.31 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wTmRub7_QPQW for <regext@ietfa.amsl.com>; Fri, 19 Jan 2018 08:45:08 -0800 (PST)
Received: from mail1.verisign.com (mail1.verisign.com [72.13.63.30]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EAC7D12DA45 for <regext@ietf.org>; Fri, 19 Jan 2018 08:45:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=8958; q=dns/txt; s=VRSN; t=1516380308; h=from:to:date:message-id:references:in-reply-to: content-id:content-transfer-encoding:mime-version:subject; bh=JHcYzNkzdIPWwkY3j7Erdayxbg3qEqKyyKSfxRPAHU4=; b=Wm2y6SRGSAxaPucSfOAP6PnjKid2VKkmaR1gNoaT4oVCX1cMh8v3sYF7 9OlsvmfA71++inwsDdd9rN622fcveFZWZe309iU3Rj57kpFwqTGzXZpA6 1dhl/DHil4dnHQmFalL77VZvt2jJSClABOQOiBezltxM0Z+YmlV6fztkO aYvCCflsJZTnMVmcoMviWi9oph8KG8wFYzfm3nOIPYTfv7pbTk7bcUh0O sQb18viJ/BK6OK/ghLYBpFs3FLRcsDMPS++09iqZRXvmviMYJ+xyFxYAz MnZ9TOojyQtQ+wFze2r7XjHSxoEjjesdCghz+bAbZnMcUP5QCiRshv8LH g==;
X-IronPort-AV: E=Sophos;i="5.46,382,1511827200"; d="scan'208";a="5676032"
IronPort-PHdr: 9a23:fx913xFOAitiEPGxghBYaZ1GYnF86YWxBRYc798ds5kLTJ76p864bnLW6fgltlLVR4KTs6sC17KP9fi4EUU7or+5+EgYd5JNUxJXwe43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6arXK99yMdFQviPgRpOOv1BpTSj8Oq3Oyu5pHfeQpFiCagbb9oMBm6sRjau9ULj4dlNqs/0AbCrGFSe+RRy2NoJFaTkAj568yt4pNt8Dletuw4+cJYXqr0Y6o3TbpDDDQ7KG81/9HktQPCTQSU+HQRVHgdnwdSDAjE6BH6WYrxsjf/u+Fg1iSWIdH6QLYpUjm58axlVAHnhzsGNz4h8WHYlMpwjL5AoBm8oxBz2pPYbJ2JOPZ7eK7WYNEUSndbXstJVyJPHJ6yb5cBAeQCM+ZXrYfyp1oSohWxCgahH//vxSRNhnPqwaE3yeYsHAfb1wIgBdIOt3HUoc37OKkTVuC10a3IwijbY/hL3Tny8o3IfQ46of2CQLl9dsjRyUYoFwPYilWftJfoPy2L2eQXsmib9OtgVe2pi2I9tw5xpT2vy94qh4LUiIwVzVXE+j94wIYzPdC4VlB0YcSlEJtLtiGaOI12QsIkQ250oio11roGuZujcCgL1psn2xDfZ+aAc4iS7RLuUvuaLzRghH99Zb6zmwy+/VWix+DyTMW4zVZHoyRfntXSuX0A1wTf5tWbRvdn40us2yqD2xrO5uxLIk04j7fXJp0nz7UtjJQcq17DETXzmEjuia+WcVgr9faw5uT8Z7XmuoecN4hpigHiKqgumtKwAeA/MgUWRGeb4+K82KDn/Uz2RbVFlPw2kq3esJDHOcQXurC1DxVL0ok98Ra/Diym0NUXnXkBNl5KZBWHj43xN1HPJvD3E+u/jkyxnDt33fzKI7/sD5vXInTekLrsc6xx51BTxQcz1dxf4ohbCrAFIPL9QE/xs9nYAwc7Mwy7xObnFdF92Z4FVGKRHKCZKqLSsUSJ5uIgJemAfpMauDH4K/Q9/f7hkWc5mUMBfamuxZYXcm63Hvt4LESWfXrhmdYBHnkWvgowVuDqj0eCUTFLbXaoQ608/i07CJ6hDYrbSYCimriB3Dm6Hp1QfW1JFFSMEXbzd4WYVPYAcj6dIshkkm9Mab/0Aa8m0RWjsgX3wLkjZtHf/TEE/9q3z9hy4+nekxs//j9cEcmH0nqMQGcylWQNEXt+lu9wqEhjy1Gr3Kx5mOBIU9dU4rwDGlM1PJrCzupSBtTzQR7RONyOTQDiCp/pGzw+Q8It694Df0g7HM+twVqLizCnDLIFi5SKCYA6tKXG0C6iCdx6ziOM+648i1ViCulGMGC9zOYr9QfUGorFu1uUjaexdKsamiXK8THQniK1oEhEXVsoAu3+VncFax6T9Iyh6w==
X-IPAS-Result: A2GpAADWH2Ja//WZrQpbAxkBAQEBAQEBAQEBAQEHAQEBAQGEKIEbB4NWmwYRlyEVgT8bIQcKGAuESU8CGoUJFgEBAQEBAQEBAQECgRCCOCQBDkshBgEFAQEBAQEBJgEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQgCCAcvEgEBGAEBAQEDAQEhEToXBAIBCA0EBAEBAwIfBAMCAgIlCxQBCAgCBAEJCRmKKq8ogieKMwEBAQEBAQEBAQEBAQEBAQEBAQEBAR2BD4M5g22BZymDBYMvAQECAQGBRg8CLQomghM9MYIUIAWSMJE/BgKID49gZ4U3i2GKcoJYAolFAgQLAhkBgTwmC4F3bxUZJCoBgX8JgkscGRiBNngqiWsCLIEGgRcBAQE
Received: from brn1wnexcas01.vcorp.ad.vrsn.com (brn1wnexcas01 [10.173.152.205]) by brn1lxmailout02.verisign.com (8.13.8/8.13.8) with ESMTP id w0JGj5IY003312 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Fri, 19 Jan 2018 11:45:06 -0500
Received: from BRN1WNEXMBX02.vcorp.ad.vrsn.com ([::1]) by brn1wnexcas01.vcorp.ad.vrsn.com ([::1]) with mapi id 14.03.0301.000; Fri, 19 Jan 2018 11:45:05 -0500
From: "Gould, James" <jgould@verisign.com>
To: "Hollenbeck, Scott" <shollenbeck@verisign.com>, "'galvin@elistx.com'" <galvin@elistx.com>, "'regext@ietf.org'" <regext@ietf.org>
Thread-Topic: [EXTERNAL] Re: [regext] WGLC: https://datatracker.ietf.org/doc/draft-ietf-regext-allocation-token
Thread-Index: AQHTkI4uh4eiQ1gA7UuKS23vPgSPcqN7aJiA
Date: Fri, 19 Jan 2018 16:45:04 +0000
Message-ID: <FFA5E32B-34BE-4FE7-88C9-F66B2383466F@verisign.com>
References: <DEB6B5AD-407F-4620-A35F-F640C087376F@elistx.com> <831693C2CDA2E849A7D7A712B24E257F7F937800@BRN1WNEXMBX02.vcorp.ad.vrsn.com>
In-Reply-To: <831693C2CDA2E849A7D7A712B24E257F7F937800@BRN1WNEXMBX02.vcorp.ad.vrsn.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/f.29.0.171205
x-originating-ip: [10.170.148.18]
Content-Type: text/plain; charset="utf-8"
Content-ID: <8EDB9B1BA212CD42A7C491EDE1D1B043@verisign.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/o3yEiS8XFUySUc5Sro6zOQwePaY>
Subject: Re: [regext] WGLC: https://datatracker.ietf.org/doc/draft-ietf-regext-allocation-token
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Jan 2018 16:45:10 -0000

Scott,

Thanks for your review and feedback.  I provide responses to your feedback below.
  
—
 
JG



James Gould
Distinguished Engineer
jgould@Verisign.com

703-948-3271
12061 Bluemont Way
Reston, VA 20190

Verisign.com <http://verisigninc.com/> 

On 1/18/18, 1:57 PM, "regext on behalf of Hollenbeck, Scott" <regext-bounces@ietf.org on behalf of shollenbeck@verisign.com> wrote:

    > -----Original Message-----
    > From: regext [mailto:regext-bounces@ietf.org] On Behalf Of James Galvin
    > Sent: Friday, January 12, 2018 8:33 AM
    > To: Registration Protocols Extensions <regext@ietf.org>
    > Subject: [EXTERNAL] [regext] WGLC: https://datatracker.ietf.org/doc/draft-
    > ietf-regext-allocation-token
    > 
    > The document editors have indicated that the following document is ready
    > for submission to the IESG to be considered for publication as a Proposed
    > Standard:
    > 
    > Allocation Token Extension for the Extensible Provisioning Protocol
    > (EPP)
    > https://datatracker.ietf.org/doc/draft-ietf-regext-allocation-token-05
    
    Comments:
    
    Abstract:
    
1. The text says that "This document describes an Extensible Provisioning Protocol (EPP) extension for including an allocation token or for allocating an object like a domain name to the client", but I have no idea what an "allocation token" is based on reading the abstract. I think it would be better to say something like "This document describes an Extensible Provisioning Protocol (EPP) extension for including a <insert text here>, otherwise known as an "allocation token", or for allocating an object like a domain name to the client".

Alex had similar feedback.  Based on Alex’s feedback that abstract is being changed to:

This document describes an Extensible Provisioning Protocol (EPP) extension for including an Allocation Token in query and transform commands. The Allocation Token is used as a credential that authorizes a client to request the allocation of a specific object from the server, using one of the EPP transform commands including create, update, and transfer.

Does this abstract meet your needs?
    
    2. Please change "MAY" to "may" in the abstract.

You and Alex are on the same page.  The MAY has been removed in the revised abstract above.  
    
    Introduction: same comment re: definition of "allocation token".

Based on Alex’s feedback, similar language in the abstract is used in the revised introduction along with a definition of allocation.  
    
    "It is up to server policy which EPP transform commands and which objects support the allocation token"
    
    How does a client learn which commands and objects are supported?

This would be defined out-of-band or within a future Registry Mapping policy extension.  
    
    Section 2.1 (and 4.1): "The exact format of the Allocation Token is up to server policy."
    
    After reading this text I looked at the schema in Section 4.1 to see how it defined the allocationToken element. What I saw in 4.1 confused me a bit. The schema describes the allocationTokenType as an extension of the XML Schema "token" type, but it doesn't include any extensions or restrictions. So why not just do this?
    
    <element name="allocationToken" type="token"/>
   
    Having said that, without restrictions like minLength or maxLength I see the potential for some client-server interoperability issues. What, for example, is meant by a zero-length token? It's syntactically valid, but meaningless (I think). Might it not be better to have a minLength of 1 and some sufficiently long maxLength?

I believe that there is no reason for a zero length allocationToken element, so we can set the minimum length to 1 as in: 

  <simpleType name="allocationTokenType">
    <restriction base="token">
      <minLength value="1"/>
    </restriction>
  </simpleType>

    
    Section 5.1: The title of this section is "XML Namespace", but it seems to be conflating a registration request for an XML namespace and the XML Schema described in Section 4. I'm going to recommend registering both the namespace and the schema in the same way it's done in, for example, RFC 5731.

I revised the IANA Considerations section to match RFC 5731 and draft-ietf-regext-launchphase.
    
    Section 7: These allocation tokens feel like they should be protected in some way. They're retrieved using an <info> command, so they get TLS privacy protection while in transit -- good. What, though, should a client do to protect them while they're sitting around waiting to be used in subsequent EPP commands? At a minimum, I think some text needs to be added here to note that there are risks associated with tokens sitting in some client-side data store. Similarly, are tokens designed to be used for only a single operation? Are there risks associated with reuse? Do they expire? If not, why?
    
    Please consider these questions about the tokens as just a sample of the kinds of topics that should be addressed in Section 7.

Since draft-ietf-regext-allocation-token is a conduit for allocation tokens that are considered credentials and are defined elsewhere, I can add some considerations for defining the allocation tokens to the Security Considerations section.  The use of EPP ensures that the Allocation Token is secure in transit between the client and the server.  Considerations can include:

1. An Allocation Token SHOULD be considered secret information by the client and should be protected at rest and in transit.  
2. An Allocation Token SHOULD be single use, meaning it should be unique per object and per allocation operation.
3. An Allocation Token SHOULD have a limited life with some form of expiry in the Allocation Token if generated by a trusted 3rd third party, or with a server-side expiry if generated by the server.
4. An Allocation Token SHOULD use a strong random value if it is based on an unsigned code.
5. An Allocation Token SHOULD leverage digital signatures to confirm its authenticity if generated by a trusted 3rd party.  
6. An Allocation Token that is signed XML SHOULD be encoded (e.g., base64) to mitigate server validation issues. 
 
Are there other considerations that should be added to the list or should any of these be modified?
   
    Scott
    
    _______________________________________________
    regext mailing list
    regext@ietf.org
    https://www.ietf.org/mailman/listinfo/regext

v2.23.0 | Report a Bug | By Email